Malware Can Be Stored in DNA, Researchers Warn

Researchers at the University of Washington say it's possible to hack a computer using malware stored in DNA. In other words, malware is going molecular.

There's no evidence anyone is using this for nefarious reasons—at least not yet. But researchers say "security gaps" in common, open-source DNA processing programs could make it possible—though not easy—for individuals to gain control of computer systems, access personal information, and even manipulate DNA results.

In a new paper, the team offer details of this technique and recommendations to strengthen computer security and privacy protections in DNA synthesis, sequencing, and processing.

"One of the big things we try to do in the computer security community is to avoid a situation where we say, 'Oh shoot, adversaries are here and knocking on our door and we're not prepared,'" co-author Tadayoshi Kohno, a professor at UW's Paul G. Allen School of Computer Science and Engineering, said in a statement. "Instead, we'd rather say, 'Hey, if you continue on your current trajectory, adversaries might show up in 10 years. So let's start a conversation now about how to improve your security before it becomes an issue.'"

Researchers hypothesized that it may be possible to produce malware-laden DNA strands that, if sequenced and analyzed, could compromise a computer. Through trial and error, they proved it could be done.

"To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program," they wrote. "We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA."

Related

You shouldn't worry too much at this point, though, according to author and Allen School Associate Professor Luis Ceze. "We don't want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information," Ceze said. "We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before."

Co-author Lee Organick, a research scientist in the Molecular Information Systems Lab, said someone would have to overcome "lots of challenges" to pull this off. "Even if someone wanted to do this maliciously, it might not work," Organick wrote. "But we found it is possible."

The researchers plan to discuss their findings during a presentation at the USENIX Security Symposium in Vancouver on Aug. 17.

Check Also

Twitter's spam bot issue isn't new, but it came to a head when it was revealed that thousands of Russian troll accounts used the platform to influence the 2016 Presidential elections. Now, the company has announced a set of changes and new developer...

Advertisement

Categories

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.